RHEL 3 / 4 / 5 : star (RHSA-2007:0873)

An updated star package that fixes a path traversal flaw is now
available.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

Star is a tar-like archiver. It saves multiple files into a single
tape or disk archive, and can restore individual files from the
archive. Star includes multi-volume support, automatic archive format
detection and ACL support.

A path traversal flaw was discovered in the way star extracted
archives. A malicious user could create a tar archive that would cause
star to write to arbitrary files to which the user running star had
write access. (CVE-2007-4134)

Red Hat would like to thank Robert Buchholz for reporting this issue.

As well, this update adds the command line argument '-..' to the Red
Hat Enterprise Linux 3 version of star. This allows star to extract
files containing '/../' in their pathname.

Users of star should upgrade to this updated package, which contains
backported patches to correct these issues.
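
A pre-extraction check for the kind of path traversal described above, as an added example that is not part of the advisory or of star's code: it flags archive members whose names are absolute or contain a '..' component and, going beyond what the advisory describes, links whose targets resolve outside the extraction directory. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import posixpath
import tarfile


def _escapes(path):
    """True if a POSIX path is absolute or climbs above its starting directory."""
    norm = posixpath.normpath(path)
    return norm.startswith("/") or norm == ".." or norm.startswith("../")


def risky_members(fileobj):
    """Return (name, reason) pairs for members that could write outside the target dir."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:  # only headers are inspected; nothing is extracted
            if m.name.startswith("/"):
                findings.append((m.name, "absolute path"))
            elif ".." in m.name.split("/"):
                # Flag every '..' component, even one that normalises back inside
                # the tree: an earlier symlink can change where it lands.
                findings.append((m.name, "'..' path component"))
            elif m.issym() and _escapes(
                    posixpath.join(posixpath.dirname(m.name), m.linkname)):
                findings.append((m.name, "link target escapes"))
            elif m.islnk() and _escapes(m.linkname):
                findings.append((m.name, "link target escapes"))
    return findings


def build_sample():
    """Constructed test archive: a benign file, a '..' name, an escaping symlink."""
    buf = io.BytesIO()
    data = b"constructed sample\n"
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "docs/../../outside.txt"):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("docs/link")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../elsewhere"
        tar.addfile(link)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, reason in risky_members(build_sample()):
        print(f"{reason}: {name}")
```

Running the check on archives from untrusted sources before handing them to any extractor gives a result that does not depend on which star build is installed.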
